diff mbox series

[meta-oe,whinlatter,03/11] imagemagick: patch CVE-2026-24485

Message ID 20260306150602.616834-3-skandigraun@gmail.com
State Superseded, archived
Series [meta-oe,whinlatter,01/11] imagemagick: patch CVE-2026-24481

Commit Message

Gyorgy Sarvari March 6, 2026, 3:05 p.m. UTC
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24485

Backport the patch that is referenced by the NVD advisory.

Note that the backport is much shorter than the upstream version,
only the macro change from the top was backported.

There are two reasons for this:
1. The omitted part fails to apply to this version.
2. The omitted part also doesn't introduce any changes. In one part
   it only shuffles around variable names: it consolidates variable
   declarations to avoid duplication, without any logic change,
   and in the other part it introduces a new dedicated "extent"
   variable to store memory size (instead of "size" variable), but
   that is also just cosmetics, and introduces no change in the code.

The actual fix is in the macro change, which is in this patch.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../imagemagick/CVE-2026-24485.patch          | 45 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.2-13.bb       |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch

Patch

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch
new file mode 100644
index 0000000000..7196aaeb4d
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-24485.patch
@@ -0,0 +1,45 @@ 
+From 8b1f339454f9896e518f4c20482e150a9eefb304 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Thu, 22 Jan 2026 19:25:35 -0500
+Subject: [PATCH] 
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
+
+CVE: CVE-2026-24485
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ coders/pcd.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/coders/pcd.c b/coders/pcd.c
+index db613504f..9477c75c0 100644
+--- a/coders/pcd.c
++++ b/coders/pcd.c
+@@ -116,19 +116,26 @@ static MagickBooleanType DecodeImage(Image *image,unsigned char *luma,
+ #define IsSync(sum)  ((sum & 0xffffff00UL) == 0xfffffe00UL)
+ #define PCDGetBits(n) \
+ {  \
++  ssize_t \
++    byte_count = 0x800; \
++  \
+   sum=(sum << n) & 0xffffffff; \
+   bits-=n; \
+   while (bits <= 24) \
+   { \
+     if (p >= (buffer+0x800)) \
+       { \
+-        (void) ReadBlob(image,0x800,buffer); \
++        byte_count=ReadBlob(image,0x800,buffer); \
++        if (byte_count != 0x800) \
++          break; \
+         p=buffer; \
+       } \
+     sum|=(((unsigned int) (*p)) << (24-bits)); \
+     bits+=8; \
+     p++; \
+   } \
++  if (byte_count != 0x800) \
++    break; \
+ }
+ 
+   typedef struct PCDTable
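Review bot: The trailing `if (byte_count != 0x800) break;` at the end of PCDGetBits is outside the macro's own `while`, so after a short read it breaks out of whatever construct encloses each expansion site. The upstream parts were dropped, so please confirm that in the 7.1.2-13 pcd.c every PCDGetBits use sits directly inside the loop that should stop. A use nested in a `switch` or an inner loop would only leave that construct and carry on decoding with a stale `buffer`. Also check that no call site has its own `byte_count` that the macro's block-scoped declaration would shadow. On documentation, the partial nature of the backport is explained only in the commit message. Noting it in the patch header next to `Upstream-Status: Backport [...]` would keep that information with the file. The header would also benefit from a real subject, since `Subject: [PATCH]` currently carries only the advisory URL, and from a word on why the `From 8b1f3394...` hash differs from the 332c1566... commit named in Upstream-Status.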
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
index 991b2e363d..3e2d3ab344 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
@@ -17,6 +17,7 @@  SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
            file://imagemagick-ptest.sh \
            file://CVE-2026-24481.patch \
            file://CVE-2026-24484.patch \
+           file://CVE-2026-24485.patch \
            "
 
 SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e"